<?php
//Verificaci'on de que el archivo sea de una extensi'on v'alida.
// begin Dave B's Q&D file upload security code
//var_dump($_POST);
  $allowedExtensions = array("jpg","jpeg","gif","png");
  foreach ($_FILES as $file) {
    if ($file['tmp_name'][0] > '') {
      if (!in_array(end(explode(".",
            strtolower($file['name'][0]))),
            $allowedExtensions)) {
       die($file['name'][0].' is an invalid file type!<br/>'.
        '<a href="javascript:history.go(-1);">'.
        '&lt;&lt Go Back</a>');
      }
	}
  if ($file['tmp_name'][1] > '') {
      if (!in_array(end(explode(".",
            strtolower($file['name'][1]))),
            $allowedExtensions)) {
       die($file['name'][1].' is an invalid file type!<br/>'.
        '<a href="javascript:history.go(-1);">'.
        '&lt;&lt Go Back</a>');
      }
    }
  
  }
  // end Dave B's Q&D file upload security code 
  require $_SERVER["DOCUMENT_ROOT"] . "/aonce_connect.php";

$foto_path = $_SERVER["DOCUMENT_ROOT"] . $parent_dir. "/uploads/";
$foto_path = $foto_path . $_POST["titulo"] . "_" . basename( $_FILES['uploadedfile']['name'][0]); 

$thumb_path = $_SERVER["DOCUMENT_ROOT"] . $parent_dir. "/thumbs/";
$thumb_path = $thumb_path . $_POST["titulo"] . "_" . basename( $_FILES['uploadedfile']['name'][1]); 

if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'][0], $foto_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name'][0]). 
    " has been uploaded. <br />\n";
} else{
    echo "There was an error uploading the file, please try again!<br />\n";
}
if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'][1], $thumb_path)) {
    echo "The file ".  basename( $_FILES['uploadedfile']['name'][1]). 
    " has been uploaded. <br />\n";
} else{
    echo "There was an error uploading the file, please try again!<br />\n";
}
/*
 * Mapeo de variables para inserci'on en base de datos.
 */
$titulo = htmlentities($_POST["titulo"]);
$datos = htmlentities($_POST["dgen"]);
$texto = htmlentities($_POST["ftext"]);

/*
 * Queries de obtenci'on de informaci'on de convocatoria 
 */
$conv_fields = "tituloconvocatoria, datosconvocatoria, textoconvocatoria, imagenconvocatoria, thumbconvocatoria";//, orientacionconvocatoria";
$conv_query = "INSERT INTO convocatoria ($conv_fields) VALUES (\"$titulo\", \"$datos\", \"$texto\", \"".$_POST["titulo"]."_".$_FILES["uploadedfile"]["name"][0]."\", \"".$_POST["titulo"]."_".$_FILES["uploadedfile"]["name"][1]. "\");";//, $_POST[ori]) ;";
//echo $conv_query;
  
/*
 * Conexion a DB y ejecuci'on de queries
 */
$link = conecta();
$conv_result = $link->query($conv_query);
$link->close();

printf("<script language=\"javascript\">\ndocument.location=\"error.php?msg=%s&title=%s\";\n</script>", urlencode("Convocatoria guardada exitosamente"), urlencode("Exito!"));
?>
